URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID1
Thread number: 59261

Original message
"pppd: EAP: peer requesting unknown type 13"

Posted by guest777, 17-Aug-05 15:19
Greetings, esteemed all.
I have a problem: I need to set up authentication of Windows VPN clients using X.509 certificates.
The system is Linux SUSE 9.2, with poptop, pppd 2.4.2 and freeradius installed.

When I try to connect from a Windows machine, the following pours into the logs:

Aug 17 15:07:18 eugene pptpd[10411]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: local address = 192.168.0.1
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: remote address = 192.168.1.100
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: pppd options file = /etc/ppp/options.ms-vpn
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Client 192.168.100.1 control connection started
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Received PPTP Control Message (type: 1)
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Made a START CTRL CONN RPLY packet
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: I wrote 156 bytes to the client.
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Sent packet to client
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Received PPTP Control Message (type: 7)
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Made a OUT CALL RPLY packet
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Starting call (launching pppd, opening GRE)
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: pty_fd = 5
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: tty_fd = 6
Aug 17 15:07:18 eugene pptpd[10412]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 17 15:07:18 eugene pptpd[10412]: CTRL (PPPD Launcher): local address = 192.168.0.1
Aug 17 15:07:18 eugene pptpd[10412]: CTRL (PPPD Launcher): remote address = 192.168.1.100
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: I wrote 32 bytes to the client.
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Sent packet to client
Aug 17 15:07:18 eugene pppd[10412]: Plugin radius.so loaded.
Aug 17 15:07:18 eugene pppd[10412]: RADIUS plugin initialized.
Aug 17 15:07:18 eugene pppd[10412]: Plugin radrealms.so loaded.
Aug 17 15:07:18 eugene pppd[10412]: RADIUS Realms plugin initialized.
Aug 17 15:07:18 eugene pppd[10412]: Plugin radattr.so loaded.
Aug 17 15:07:18 eugene pppd[10412]: RADATTR plugin initialized.
Aug 17 15:07:18 eugene pppd[10412]: pppd options in effect:
Aug 17 15:07:18 eugene pppd[10412]: debug debug         # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: nodetach            # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: idle 600            # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: dump                # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: plugin radius.so            # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: plugin radrealms.so         # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: plugin radattr.so           # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]:             # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: require-eap         # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: radius-config-file /etc/radiusclient/radiusclient.conf              # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: 115200              # (from command line)
Aug 17 15:07:18 eugene pppd[10412]: lock                # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: crtscts             # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: local               # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: asyncmap 0          # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: lcp-echo-failure 4          # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: lcp-echo-interval 30                # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: lcp-restart 2               # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: lcp-max-configure 60                # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: 192.168.0.1:192.168.1.100           # (from command line)
Aug 17 15:07:18 eugene pppd[10412]: +mppe-128           # (from /etc/ppp/options.ms-vpn)
Aug 17 15:07:18 eugene pppd[10412]: noipx               # (from /etc/ppp/options)
Aug 17 15:07:18 eugene pppd[10412]: pppd 2.4.2 started by eugene, uid 0
Aug 17 15:07:18 eugene pppd[10412]: using channel 253
Aug 17 15:07:18 eugene pppd[10412]: Using interface ppp0
Aug 17 15:07:18 eugene pppd[10412]: Connect: ppp0 <--> /dev/pts/3
Aug 17 15:07:18 eugene pppd[10412]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0xbd5724c6> <pcomp> <accomp>]
Aug 17 15:07:18 eugene pptpd[10411]: GRE: Bad checksum from pppd
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Received PPTP Control Message (type: 15)
Aug 17 15:07:18 eugene pptpd[10411]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 17 15:07:18 eugene pppd[10412]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x2f1e7b12> <pcomp> <accomp>]
Aug 17 15:07:18 eugene pppd[10412]: sent [LCP ConfAck id=0x0 <mru 1400> <magic 0x2f1e7b12> <pcomp> <accomp>]
Aug 17 15:07:20 eugene pppd[10412]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0xbd5724c6> <pcomp> <accomp>]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth eap> <magic 0xbd5724c6> <pcomp> <accomp>]
Aug 17 15:07:20 eugene pppd[10412]: sent [LCP EchoReq id=0x0 magic=0xbd5724c6]
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xcc Identity <Message "Name">]
Aug 17 15:07:20 eugene pptpd[10411]: CTRL: Received PPTP Control Message (type: 15)
Aug 17 15:07:20 eugene pptpd[10411]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Aug 17 15:07:20 eugene pppd[10412]: rcvd [LCP EchoRep id=0x0 magic=0x2f1e7b12]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xcc Identity <Name "EUGENE">]
Aug 17 15:07:20 eugene pppd[10412]: EAP: unauthenticated peer name "EUGENE"
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xcd MD5-Challenge <Value 6f f7 60 75 17 83 5f 59 89 e6 a6 c3 bf 2b 56 81 ea d1 8b d6 1a 2d> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xcd Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xce MD5-Challenge <Value 80 c0 59 4a 52 10 cd 0b 68 46 0f 39 37 bc d3 5f 3a 97 b0 68> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xce Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xcf MD5-Challenge <Value 90 0a 20 81 62 44 cb fe ed af d0 1f 80 6a aa 0b 4a ee 0c d0 0a> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xcf Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xd0 MD5-Challenge <Value 4f 8a c5 f3 07 0b e1 23 07 5c ea eb 46 11 44 ef> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xd0 Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xd1 MD5-Challenge <Value be 61 90 33 64 80 20 02 b4 2c 86 09 52 80 47 44 07> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xd1 Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xd2 MD5-Challenge <Value ce 9b 1f 70 df e2 de c9 1c 1a e5 83 92 4a 94 c4> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xd2 Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xd3 MD5-Challenge <Value 70 94 72 30 ca 8d fd 3f 09 61 0d 0c d8 d0 f7 af e4 68 fe cc b9> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xd3 Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xd4 MD5-Challenge <Value c6 43 8e a9 99 d3 f0 5d 36 6a 4d 38 5c 70 d6 4a 83 00 f7> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xd4 Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xd5 MD5-Challenge <Value bf 22 44 16 26 bd 5c c6 88 e8 9b bb 8a dc b8 b5 18> <Name "eugene">]
Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xd5 Nak <Suggested-type 0d (TLS)>]
Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
Aug 17 15:07:20 eugene pppd[10412]: EAP: too many Requests sent
Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Failure id=0xd7]
Aug 17 15:07:20 eugene pppd[10412]: sent [LCP TermReq id=0x2 "Authentication failed"]
Aug 17 15:07:20 eugene pptpd[10411]: CTRL: Received PPTP Control Message (type: 15)
Aug 17 15:07:20 eugene pptpd[10411]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 17 15:07:20 eugene pppd[10412]: rcvd [LCP TermAck id=0x2 "Authentication failed"]
Aug 17 15:07:20 eugene pppd[10412]: Connection terminated.
Aug 17 15:07:20 eugene pppd[10412]: Exit.
Aug 17 15:07:20 eugene pptpd[10411]: Error reading from pppd: Input/output error
Aug 17 15:07:20 eugene pptpd[10411]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Aug 17 15:07:20 eugene pptpd[10411]: CTRL: Client 192.168.100.1 control connection finished
Aug 17 15:07:20 eugene pptpd[10411]: CTRL: Exiting now
Aug 17 15:07:20 eugene pptpd[9583]: MGR: Reaped child 10411

Where should I look/dig?


Messages in this thread
"pppd: EAP: peer requesting unknown type 13"
Posted by jonatan, 17-Aug-05 16:00
http://www.freeradius.org/doc/EAPTLS.pdf
http://text.dslreports.com/forum/remark,9286052~mode=flat

"pppd: EAP: peer requesting unknown type 13"
Posted by guest777, 17-Aug-05 16:11
>http://www.freeradius.org/doc/EAPTLS.pdf
>http://text.dslreports.com/forum/remark,9286052~mode=flat


Funny, but it is with exactly this configuration that we get the situation described above.
Only mine is not wireless; I need to authenticate ordinary clients over VPN by keys.


"pppd: EAP: peer requesting unknown type 13"
Posted by jonatan, 17-Aug-05 16:42
>Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xcd MD5-Challenge <Value 6f f7 60 75 17 83 5f 59 89 e6 a6 c3 bf 2b 56 81 ea d1 8b d6 1a 2d> <Name "eugene">]
pppd offers the client EAP-MD5
>Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xcd Nak <Suggested-type 0d (TLS)>]
the client proposes EAP-TLS
>Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
pppd replies that the client requested an unknown EAP type. It looks like pppd is not configured for or does not support EAP-TLS.
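
The negotiation walked through in the post above can be pulled out of a pppd debug log mechanically. The following is an added example, not part of the original thread: a Python parser that pairs each Nak's suggested type with pppd's "unknown Type" message per pppd PID; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# EAP method numbers (IANA registry subset); 13 is the "Type 13" in the log.
EAP_TYPES = {4: "MD5-Challenge", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
# pppd debug-log patterns; group 1 is the pppd PID, group 2 the value counted.
PATTERNS = {
    "offered": re.compile(r"pppd\[(\d+)\]: sent \[EAP Request id=0x[0-9a-f]+ (\S+)"),
    "nak": re.compile(r"pppd\[(\d+)\]: rcvd \[EAP Response id=0x[0-9a-f]+ Nak <Suggested-type ([0-9a-f]{2})"),
    "unknown": re.compile(r"pppd\[(\d+)\]: EAP: peer requesting unknown Type (\d+)"),
    "failed": re.compile(r"pppd\[(\d+)\]: sent \[EAP (Failure)"),
}

def analyze(lines):
    """Group EAP negotiation events by pppd PID."""
    sessions = {}
    for line in lines:
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                s = sessions.setdefault(int(m.group(1)), {k: Counter() for k in PATTERNS})
                value = m.group(2)
                if kind == "nak":          # Suggested-type is printed in hex (0d)
                    value = int(value, 16)
                elif kind == "unknown":    # "unknown Type" is printed in decimal (13)
                    value = int(value)
                s[kind][value] += 1
    return sessions

def diagnose(session):
    """Report methods the peer asked for via Nak that pppd logged as unknown."""
    offered = sorted(m for m in session["offered"] if m != "Identity")
    out = []
    for t in sorted(set(session["nak"]) & set(session["unknown"])):
        out.append("peer requested %s (type %d), pppd offers only %s: %d Naks, EAP Failure sent=%s"
                   % (EAP_TYPES.get(t, "unknown"), t, ", ".join(offered) or "nothing",
                      session["nak"][t], bool(session["failed"])))
    return out

# Constructed sample in the log format shown above (host, PID, ids, values invented).
SAMPLE = [
    'Aug 17 15:07:20 host pppd[100]: sent [EAP Request id=0x01 Identity <Message "Name">]',
    'Aug 17 15:07:20 host pppd[100]: sent [EAP Request id=0x02 MD5-Challenge <Value 00 11> <Name "host">]',
    'Aug 17 15:07:20 host pppd[100]: rcvd [EAP Response id=0x02 Nak <Suggested-type 0d (TLS)>]',
    'Aug 17 15:07:20 host pppd[100]: EAP: peer requesting unknown Type 13',
    'Aug 17 15:07:20 host pppd[100]: sent [EAP Failure id=0x03]',
]
if __name__ == "__main__":
    print({pid: diagnose(s) for pid, s in analyze(SAMPLE).items()})
```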

"pppd: EAP: peer requesting unknown type 13"
Posted by guest777, 17-Aug-05 16:52
>>Aug 17 15:07:20 eugene pppd[10412]: sent [EAP Request id=0xcd MD5-Challenge <Value 6f f7 60 75 17 83 5f 59 89 e6 a6 c3 bf 2b 56 81 ea d1 8b d6 1a 2d> <Name "eugene">]
>pppd offers the client EAP-MD5
>>Aug 17 15:07:20 eugene pppd[10412]: rcvd [EAP Response id=0xcd Nak <Suggested-type 0d (TLS)>]
>the client proposes EAP-TLS
>>Aug 17 15:07:20 eugene pppd[10412]: EAP: peer requesting unknown Type 13
>pppd replies that the client requested an unknown EAP type. It looks like pppd is not configured for
>or does not support EAP-TLS.

pppd is not obliged to support it; its job is to hand the client over to RADIUS... And let that one do the authentication.


"pppd: EAP: peer requesting unknown type 13"
Posted by jonatan, 17-Aug-05 17:06
Not obliged?

http://www.faqs.org/rfcs/rfc2716.html

3.1.  Overview of the EAP-TLS conversation

   As described in [5], the EAP-TLS conversation will typically begin
   with the authenticator and the peer negotiating EAP.  The
   authenticator will then typically send an EAP-Request/Identity packet
   to the peer, and the peer will respond with an EAP-Response/Identity
   packet to the authenticator, containing the peer's userId.

The authenticator is pppd, the peer is the Windows client.
So it is at this stage (peer will respond with an EAP-Response/Identity packet to the authenticator) that pppd rejects the client's response.


"pppd: EAP: peer requesting unknown type 13"
Posted by jonatan, 17-Aug-05 17:13
Reading further.

   From this point forward, while nominally the EAP conversation occurs
   between the PPP authenticator and the peer, the authenticator MAY act
   as a passthrough device, with the EAP packets received from the peer
   being encapsulated for transmission to a RADIUS server or backend
   security server.

Only after successful "negotiations" between the authenticator (pppd) and the client can the authenticator act as an intermediary between the client and the RADIUS server.


"pppd: EAP: peer requesting unknown type 13"
Posted by guest777, 17-Aug-05 17:25
>Reading further.
>
>   From this point forward, while nominally the EAP conversation occurs
>   between the PPP authenticator and the peer, the authenticator MAY act
>   as a passthrough device, with the EAP packets received from the peer
>   being encapsulated for transmission to a RADIUS server or backend
>   security server.
>
>Only after successful "negotiations" between the authenticator (pppd) and the client can the authenticator act
>as an intermediary between the client and the RADIUS server.

I confess I was wrong... Let's try to do something about it.